Solved: Finding Device Where NAT is taking place

JASON HYMAN · ‎09-17-2012

I'm trying to find out out on what device this NAT translation is happening on 10.0.0.8 -->173.72.139.52

Any suggestions on how to go about this would be great.

Javier Portuguez · ‎09-17-2012

Hi Jason,

First of all, you need to know where the 10.0.0.8 is. Once you find it, then you can check if there is any specific device translating it to a different IP address just right after (like a default-gateway for instance).

A good test is to turn on "ICMP debugging" of your edge Router (the one facing the Internet) and ping its internal interface from 10.0.0.8, if you see it as 173.72.139.52, then, you know something in the middle is translating it, you can use the same mechanism across the entire path until you see the real IP address.

Another way, is to run a traceroute, see how far it goes and start from there:

8 74 ms 74 ms 75 ms sl-st30-la-0-8-0-0.sprintlink.net [144.232.19.227]

9 73 ms 74 ms 74 ms 0.xe-11-2-0.br1.lax15.alter.net [204.255.168.93]

10 75 ms 75 ms 74 ms 0.ae1.lax01-bb-rtr1.verizon-gni.net [152.63.112.2]

11 159 ms 156 ms 155 ms p12-0-0.clppva-lcr-01.verizon-gni.net [130.81.28.13]

12 * * * Request timed out.

13 161 ms 160 ms 160 ms static-173-72-139-52.clppva.fios.verizon.net [173.72.139.52]

HTH.

Portu.

Please rate any post you find helpful.

Message was edited by: Javier Portuguez

View solution in original post

Javier Portuguez · ‎09-17-2012

Hi Jason,

First of all, you need to know where the 10.0.0.8 is. Once you find it, then you can check if there is any specific device translating it to a different IP address just right after (like a default-gateway for instance).

A good test is to turn on "ICMP debugging" of your edge Router (the one facing the Internet) and ping its internal interface from 10.0.0.8, if you see it as 173.72.139.52, then, you know something in the middle is translating it, you can use the same mechanism across the entire path until you see the real IP address.

Another way, is to run a traceroute, see how far it goes and start from there:

8 74 ms 74 ms 75 ms sl-st30-la-0-8-0-0.sprintlink.net [144.232.19.227]

9 73 ms 74 ms 74 ms 0.xe-11-2-0.br1.lax15.alter.net [204.255.168.93]

10 75 ms 75 ms 74 ms 0.ae1.lax01-bb-rtr1.verizon-gni.net [152.63.112.2]

11 159 ms 156 ms 155 ms p12-0-0.clppva-lcr-01.verizon-gni.net [130.81.28.13]

12 * * * Request timed out.

13 161 ms 160 ms 160 ms static-173-72-139-52.clppva.fios.verizon.net [173.72.139.52]

HTH.

Portu.

Please rate any post you find helpful.

Message was edited by: Javier Portuguez

JASON HYMAN · ‎09-17-2012

Javier...I don't have access to 10.0.0.8 I'm in a remote location. I do know that 10.0.0.0 is routed via 10.24.0.2 which is a Juniper ssg140 appliance. I'm fairly certain the translation is taking place on that device but not 100% sure?

Javier Portuguez · ‎09-17-2012

Jason,

At this point I would check the Juniper box my friend

JASON HYMAN · ‎09-17-2012

Thank you for your help Javier. It wasn't on the Juniper box...the edge router is doing the translation!

Thanks again!

Javier Portuguez · ‎09-17-2012

Nice to know you found it

Please mark this post as answered.

Have a good one!!